Implemented response validation part of
https://w3c.github.io/webappsec-subresource-integrity/.
Implemented step eighteen of the main fetch. If a request has integrity
metadata, then following steps are performed
*Wait for response body
*If the response does not have a termination reason and response does not
match request’s integrity metadata, set response to a
network error.# Please enter the commit message for your changes. Lines starting
Implemented step nine of the main fetch. If current URL scheme is 'HTTP'
and current URL's host is domain and if current URL's host matched with
Known
HSTS Host Domain Name Matching results in either a superdomain match with
an asserted includeSubDomains directive or a congruent match then we
change request scheme to 'https'. This change has been made in method.rs
A test case to validate this has been added in fetch.rs. For asserting
https scheme, a https localhost was required. For this purpose I have
created a self-signed certificate and refactored fetch-context and
connector.rs to programmatically trust this certificate for running this
test case.
Rewrite determine_request_referrer() to explicitly limit it to the checks it can do.
Checks for the Client value should reside in the script thread.
I also noted some other issues in this code.
<!-- Reviewable:start -->
---
This change is [<img src="https://reviewable.io/review_button.svg" height="34" align="absmiddle" alt="Reviewable"/>](https://reviewable.io/reviews/servo/servo/14508)
<!-- Reviewable:end -->
CookieStorage has been refactored to use HashMap with base domain as the
key. Values of hashmap is vector of cookies.
CookieStorage now has max_per_host which restricts maximum cookies that
can be added per base domain.
Cookie eviction doesnot take place if max_per_host is not reached.
Cookie eviction logic implemented here does following steps
1) Evict all expired cookies
2) Remove oldest accessed non-secure cookie If any
3) When no non-secure cookie exist, remove oldest accessed secure cookie
if new cookie being added is secure. Else ignore new cookie
Also remove now-dead code that rustc warns about.
It turns out that we lost support for some of our custom URL schemes; I intend
to reimplement them, but I believe this will be significantly easier to do
once the legacy code is out of the way.
Implement range index with the Position enum on ServoUrl
<!-- Please describe your changes on the following line: -->
---
<!-- Thank you for contributing to Servo! Please replace each `[ ]` by `[X]` when the step is complete, and replace `__` with appropriate data: -->
- [X] `./mach build -d` does not report any errors
- [X] `./mach test-tidy` does not report any errors
- [ ] These changes fix #__ (github issue number if applicable).
<!-- Either: -->
- [ ] There are tests for these changes OR
- [X] These changes do not require tests because refactoring
<!-- Pull requests that do not address these steps are welcome, but they will require additional verification as part of the review process. -->
r? @emilio
<!-- Reviewable:start -->
---
This change is [<img src="https://reviewable.io/review_button.svg" height="34" align="absmiddle" alt="Reviewable"/>](https://reviewable.io/reviews/servo/servo/14274)
<!-- Reviewable:end -->
Since last execution statement is the value which is returned, return
keyword has been removed from method strict_origin and
strict_origin_when_cross_origin.
Merge conflicts in Cargo.lock has been handled
Referer policy strict-origin and strict-origin-when-cross-origin changes have been implemented. Relevant unit test cases have been added. Enum for RefererPolicy has been added to hyper codebase and v 0.9.11 of hyper contains these changes.
This commit also contains changes related to upgrade of hyper from v0.9.10 to v0.9.11. Other dependencies changed are rayon, utils, num_cpus.
